AVG-2751 log

Package linux
Status Fixed
Severity High
Type multiple issues
Affected 5.18.1-1
Fixed 5.18.2-1
Current 5.19.1.arch2-1 [testing]
5.18.16.arch1-1 [core]
Ticket None
Created Tue Jun 7 10:25:40 2022
Advisory Pending
Issue Severity Remote Type Description
CVE-2022-1975 Medium Unknown Unknown
a sleep called in an atomic context could cause kernel panic during nfc firmware download
CVE-2022-1974 Medium No Information disclosure
a user with CAP_NET_ADMIN can use a race condition between kobject creation and delete to leak kernel information
CVE-2022-1972 High No Privilege escalation
a user with the ability to create user/net namespaces can exploit an out-of-bounds write in netflter to achieve privilege escalation to root.
CVE-2022-1966 High No Privilege escalation
a user with the ability to create user/net namespaces can exploit a use-after-free write in netflter to achieve privilege escalation to root.
CVE-2022-1734 High No Unknown
possible use-after-free due to race condition when simulating NFC device from user space
References
https://github.com/torvalds/linux/commit/c9a46a3d549286861259c19af4747e12cfaeece9
https://github.com/torvalds/linux/commit/8f44c83e51b4ca49c815f8dd0d9c38f497cdbcb0
Notes
TODO: check wether CVE-2022-1462, CVE-2022-1786 and CVE-2022-1852 belong here